<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Redis;

class member_authrization
{
    //排除执行位置
    // protected $exclude = [
    //     // 'member/user/LoginController@index',         // 登陆
    // ];

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle( Request $request, Closure $next )
    {
        // 执行路由
        $execute_router = $request->route()->getAction( 'controller' );

        // 路由器
        $router = explode( '@', $execute_router );

        // 控制器
        $controller = $router[ 0 ];

        // 行为
        // $action = $router[ 1 ];

        //是否存在控制器
        if( class_exists( $controller ) )
        {
            //是否在排除名单里
            if( ! in_array( str_replace( '\\', '/', $execute_router ), config( 'user.member_authrization_exclude' ) ) )
            {
                // 获取bearer token
                if( ! $auth_token = substr( $request->header( 'authorization' ), 7 ) )
                {
                    return response()->json( [ 'code' => 10003, 'message' => 'permission denied' ] );
                }
                
                // 解密token
                if( ( ! $auth_token = \jiemi( $auth_token, config( 'user.member_key' ) ) ) || ( ! $userinfo = json_decode( $auth_token, true ) ) )
                {
                    return response()->json( [ 'code' => 10004, 'message' => 'bad authorization token' ] );
                }
                
                // 验证字段完整性
                if( ( ! isset( $userinfo[ 'member_id' ] ) ) || ( ! isset( $userinfo[ 'session_id' ] ) ) )
                {
                    return response()->json( [ 'code' => 10005, 'message' => 'bad authorization token' ] );
                }
                $member_id = $userinfo[ 'member_id' ];      // member id
                $session_id = $userinfo[ 'session_id' ];    // session id

                // Redis::hmset( 'member:' . $member_id, [ 'member_id' => $member_id, 'session_id' => $session_id, 'authorization' => json_encode( [ 'App/Http/Controllers/member/user/LoginController' => [ 'index' ] ] ), 'csrf_token' => '123' ] );
                // 查询是否登陆
                if( ! Redis::exists( 'member:' . $member_id ) )
                {
                    return response()->json( [ 'code' => 10006, 'message' => 'no session' ] );
                }
                $member = Redis::hgetall( 'member:' . $member_id );

                // 单点登陆
                if( $session_id !== $member[ 'session_id' ] )
                {
                    return response()->json( [ 'code' => 10007, 'message' => 're login' ] );
                }

                // csrf token
                if( isset( $member[ 'csrf_token' ] ) && ! in_array( $request->method(), [ 'GET', 'HEAD', 'OPTIONS' ] ) && ! env( 'APP_DEBUG' ) )
                {
                    // 当前token
                    $csrf_token = $member[ 'csrf_token' ];
                    if( ( ! $x_csrf_token = $request->header( 'X-CSRF-TOKEN' ) ) || ( $x_csrf_token !== $csrf_token ) )
                    {
                        return response()->json( [ 'code' => 10008, 'message' => 'error or repeat submit' ] );
                    }
                }

                // 缓存信息
                $request->member = $member;
            }
        }

        return $next($request);
    }
}
